CImrie

Hi naxrulhassanmca

As you likely know someone posted asking what the progress on this was (I can’t see it on here just now strangely).
Did you get my email a couple of weeks ago with the updated code?

Hi nazrulhassanmca,

I have taken a look at your code and redone a portion of it to make it PCI compliant (now using my version in my online store).
I would be happy to share the new code to you if you are willing to credit the PCI compliance to me?

Is there a place I can email you / private message to discuss this?

Hi nazrulhassanmca,

I apologise if it seemed like an attack on yourself – it was intended just to highlight the issue of PCI Compliance. I like many others value the time that people spend making plugins, and it is great that you contribute to the community.
From my experience of integrating with Stripe (I don’t use WordPress often to be honest) stripe.js requires (or at least now requires?) SSL to be used. The token is then passed to the server (this is ok to have a ‘name’ attribute).

The problem I had is that this plugin claims that it does not hit your server and yet it does, which means it isn’t PCI Compliant as you said – but many users starting small businesses etc will not be aware of these implications. I just wanted to highlight that if they want to use this plugin they will need to get tested for PCI compliance on their end (which involves checking their server security and work practices).

I would recommend placing a disclaimer on your description saying that you would need to be PCI compliant to use it.
I am pretty bogged down with my own development work at the moment but I will be happy to take a quick look through your plugin code to see if I can make any suggestions / quick fixes for this. Will get back to you if so ??